3856 matches found
CVE-2007-4284
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing MP 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an err...
CVE-2007-3388
Removed by vendor...
CVE-2007-4141
OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message...
Design/Logic Flaw
OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message...
qt security update
CentOS Errata and Security Advisory CESA-2007:0721 Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE:...
CVE-2007-3769
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE:...
Design/Logic Flaw
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id parameter, which reveals the path in an error message...
CVE-2007-3529
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id parameter, which reveals the path in an error message...
Easybe 1-2-3 Music Store (process.php) Remote SQL Injection Vuln
No description provided by source. Easybe 1-2-3 Music Store SQL Injection Vulnerability. AUTHOR: t0pP8uZ...
Easybe 1-2-3 Music Store (process.php) Remote SQL Injection Vuln
Exploit for unknown platform in category web applications. Easybe 1-2-3 Music Store process.php Remote SQL Injection Vuln...
Code injection
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message...
CVE-2007-3434
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message...
Design/Logic Flaw
NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) vi...
CVE-2007-3367
Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from...
Path traversal
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message...
CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
Design/Logic Flaw
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
EUVD-2007-3119
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
CVE-2007-3229
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message...